7422 matches found

Exploit DB
added 2015/02/09 12:0 a.m. | 25 views

u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion

u5CMS 3.9.3 deletefile.php Arbitrary File Deletion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission...

7.4 AI score | Exploits: 0

n0where
added 2015/02/06 10:18 p.m. | 48 views

DNS Enumeration Script: DNSRecon

DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...

Exploits: 0 | References: 1

n0where
added 2015/02/06 12:34 a.m. | 53 views

packETH – Ethernet Packet Generator

packETH Ethernet Packet Generator packETH is GUI and CLI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet link. It is very simple to use, powerful and supports many adjustments of parameters while sending sequence of...

0.8 AI score | Exploits: 0

exploitpack
added 2015/01/30 12:0 a.m. | 36 views

Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection

Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encrypti...

0.3 AI score | Exploits: 0

Exploit DB
added 2015/01/30 12:0 a.m. | 42 views

Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection

Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: 3.2.0 MP6 Product Website:...

7.4 AI score | Exploits: 0

Tenable Nessus
added 2015/01/26 12:0 a.m. | 40 views

Fedora 21 : kernel-3.18.3-201.fc21 (2015-0937)

The 3.18.3 update contains a number of important fixes across the tree. The 201 build should also fix most of the i915 issues seen in testing on 3.18.2-200. The 3.18.2 kernel rebase contains several new features as well as several fixes across the tree. Note that Tenable Network Security has...

2.1 CVSS | 6.8 AI score | 0.00557 EPSS | Exploits: 1 | References: 3

CNVD
added 2015/01/26 12:0 a.m. | 2 views

LabTech Insecure File Permissions Vulnerability

LabTech is an international company specializing in providing analytical chemistry laboratories from sample pre-treatment to analytical testing solutions for food safety, environmental testing, disease control and materials analysis. LabTech has an insecure file permission vulnerability that can ...

6.8 CVSS | 6.2 AI score | 0.00353 EPSS | Exploits: 0 | References: 1

Hacker One
added 2015/01/22 1:45 p.m. | 13 views

Dropbox: Unvalidated Redirects and Stored XSS

Hi, This bug might interest you. In the process of testing , I uploaded a file which contained the scripts: window.opener.location.replace'http://blackhorse.x10host.com/test.php'; alertdocument.domain alertdocument.cookie On opening of the uploaded file through the events section, the XSS pop-ups...

0.4 AI score | Exploits: 0

Prion
added 2015/01/21 3:28 p.m. | 18 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library...

4.3 CVSS | 6.3 AI score | 0.00985 EPSS | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2015/01/21 3:0 p.m. | 43 views

CVE-2014-6574

Affected software : Oracle Agile PLM for Process, part of Oracle Supply Chain Products Suite 6.1.0.3. Vulnerability description : Unspecified vulnerability related to the Testing Protocol Library could allow remote attackers to compromise integrity. Documents indicate the issue affects the specif...

4.3 CVSS | 5.9 AI score | 0.00985 EPSS | Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/01/21 3:0 p.m. | 21 views

CVE-2014-6574

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library...

5.8 AI score | 0.00985 EPSS | Exploits: 0 | References: 2

Kitploit
added 2015/01/20 10:1 p.m. | 23 views

Exploit Pack - Open Source Security Project for Penetration Testing and Exploit Development

Exploit Pack is an open source GPLv3 security tool, which means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Impact are ready to use as well but you will require an expensive license to get access to all the...

8.3 AI score | Exploits: 0

Packet Storm
added 2015/01/14 12:0 a.m. | 75 views

Dell iDRAC IPMI 1.5 Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

5 CVSS | 6.5 AI score | 0.21152 EPSS | Exploits: 6

erpscan
added 2015/01/09 12:0 a.m. | 15 views

SAP NetWeaver 7.4 - cryptographic issues

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: cryptographic issues Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

Exploits: 0

erpscan
added 2015/01/09 12:0 a.m. | 18 views

SAP NetWeaver 7.4 (MDT component) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

0.2 AI score | Exploits: 0

ThreatPost
added 2015/01/08 2:50 p.m. | 99 views

Microsoft Shuts Down Patch Tuesday Advanced Notifications

Microsoft today pulled the plug on its Advanced Notification Service (ANS), offering it going forward only to paying Premier customers. ANS preceded the release of Microsoft’s monthly Patch Tuesday security bulletins; on the Thursday prior, Microsoft would provide users via its security website a...

9.3 CVSS | 8.8 AI score | 0.99945 EPSS | Exploits: 33 | References: 5

Kitploit
added 2015/01/07 2:57 p.m. | 14 views

Kali Linux NetHunter - Android penetration testing platform

NetHunter is an Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical...

7.5 AI score | Exploits: 0

Kitploit
added 2015/01/05 9:35 p.m. | 17 views

SPARTA - Network Infrastructure Penetration Testing Tool

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

7.3 AI score | Exploits: 0

Kitploit
added 2015/01/04 9:52 p.m. | 64 views

BlueMaho - Bluetooth Security Testing Suite

BlueMaho is a GUI-shell interface for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...

7.6 AI score | Exploits: 0

erpscan
added 2014/12/29 12:0 a.m. | 28 views

SAP Mobile Platform - XXE

Application: Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 29.12.2014 Vendor response: 30.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2125513 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External Entity...

0.5 AI score | Exploits: 0